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IN THE CLAIMS: 

1 . (Currently amended) A method, in a computer system* for monitoring data sent from the 
computer system,, comprising: 

detecting a request for an outgoing transfer of data from a program in the computer 
system to a destination; 

determining whether the destination is a trusted site; 

performing a corrective action if the destination is not a trusted site, wherein the step of 
performing a corrective action comprises at least one offfl changing the destination of the 
outgoing transfer to the computer system; and determining whether the program operates in 
response to the changed destination , and (it) encrypting the data andjletermining whether the 
program operates in response to the encryption . 

2. (Original) The method of claim 1 , wherein the step of determining whether the 
destination is a trusted site comprises matching the destination against a list of trusted sites. 

3. (Original) The method of claim 1 , wherein the corrective action comprises blocking the 
outgoing transfer. 

4. (Previously presented) The method of claim 1 , wherein the corrective action comprises 
disabling the program that requested the outgoing transfer of data. 

5-6. (Cancelled) 

7. (Currently amended) The method of claim 6 1, wherein the step of encrypting the data 
comprises irreversibly encrypting the data by injecting random numbers into the data. 

8. (Currently amended) A m e tho d , in a oomputor oygtom, for monitoring data oont from tho 
computer system; The method of claim 1 > farther comprising: 

det e cting a - roquoot for - on outgoing transfer of data from q program in tho oomputor 
oystom to a destination; 

determining whether th e d e stination io o tru ste d -s i te ; 

performing a oorr e otivo action if th e d e stination is not a trusted sito; 
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determining whether the amount of data for the outgoing transfer is uncharacteristically 
high; and 

performing a the corrective action if the amount of data is uncharacteristically high. 

9. (Currently amended) The method of claim 1, farther comprising: 

determining whether the data includes personal information if the destination is a trusted 
site; and 

performing * the corrective action if the data includes personal information, 

1 0. (Original) The method of claim 9, wherein the step of determining whether the data 
includes personal information comprises performing a text string search or binary pattern search 
on the data. 

1 1 . (Original) The method of claim 1, wherein the step of performing a corrective action 
comprises storing a log of the outgoing transfer. 

12. (Original) The method of claim 11, wherein the step of storing a log of the outgoing 
transfer comprises storing the data. 

13. (Original) The method of claim 11, further comprising transferring the log to a remote 
computer. 

14-24. (Cancelled) 

25. (Currently amended) An apparatus for monitoring data sent from a computer system, 
comprising: 

detection means for detecting a request for an outgoing transfer of data from a program in 
the computer system to a destination; 

determination means for determining whether the destination is a trusted site; 

correction means for performing a corrective action if the destination is not a trusted site? A 
wherein the CTTrej^Qnjflgansjcjamp^ of ( 0 means for changing the destinationjaf 

the outgoing transfer to the computer system and m eans for determining whether the program 
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operates in response to the chanced destination, and (ii) m eans for encrypting the data and mpans 
for determining whether the program operates in respon se to the encryption 

m oms for determining whother tho data inoludoa personal information if the dootinntion io 
a trusted oit e ; - and 

moono for performing tho oorrootivc action if the data includes personal information . 

26. (Original) The apparatus of claim 25, wherein the determination means comprises means 
for matching the destination against a list of trusted sites. 

27. (Original) The apparatus of claim 25, wherein the corrective acti on comprises blocking 
the outgoing transfer. 

28. (Previously presented) The apparatus of claim 25, wherein the corrective action 
comprises disabling the program that requested the outgoing transfer of data. 

29-30. (Cancelled) 

3 1 . (Currently amended) The apparatus of claim 30 25, wherein the encryption means 
comprises means for irreversibly encrypting the data by injecting random numbers into the data. 

32. (Currently amended) The apparatus of claim 25, further comprising: 

means for determining whether the amount of data for the outgoing transfer is 
uncharacteristically high; and 

means for performing a the corrective action if the amount of data is uncharacteristically 

high. 

33. (Cancelled) 

34. (Currently amended) The apparatus of claim 25, wherein tho further comprising means 
for determining whether the data includes personal information oomprigeo m e ans for performing 
a text string soaroh or binary pattern ooaroh on tho data . 
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s' 

35. (Original) The apparatus of claim 25, wherein the step of performing a corrective action 
comprises storage means for storing a log the outgoing transfer. 

36. (Original) The apparatus of claim 35, wherein the storage means comprises means for 
storing the data. 

37. (Original) The apparatus of claim 35, further comprising means for transferring the log to 
a remote computer. 

38-48. (Cancelled) 

49. (Currently amended) A computer program product, in a computer readable medium, for 
monitoring data sent from a computer system, comprising: 

instructions for detecting a request for an outgoing transfer of data from a program in the 
computer system to a destination; 

instructions for determining whether the destination is a trusted site; 

instructions for performing a corrective action if the destination is not a trusted site^ 
wherein the instructions for performing ^ corrective action comprises at least one of (ft 
instructions for changing the destination of the outgoing transfer to the computer system and 
instructions for determining whether the program operates in response to the changed destination, 
and (ift instructions for encrypting the data and instructions for determining whether the program 
operates in response to the encryption instructions for determining whether the dntn includes 
personal information; and inqtmotiono for performing a corrective action if th e data includ es 
personal information . 

50. (Cancelled) 
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